CVE-2024-44112

Summary

Due to missing authorization check in SAP for Oil & Gas (Transportation and Distribution), an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or availability.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP for Oil & Gas600affected
SAP_SESAP for Oil & Gas602affected
SAP_SESAP for Oil & Gas603affected
SAP_SESAP for Oil & Gas604affected
SAP_SESAP for Oil & Gas605affected
SAP_SESAP for Oil & Gas606affected
SAP_SESAP for Oil & Gas617affected
SAP_SESAP for Oil & Gas618affected
SAP_SESAP for Oil & Gas800affected
SAP_SESAP for Oil & Gas802affected
SAP_SESAP for Oil & Gas803affected
SAP_SESAP for Oil & Gas804affected
SAP_SESAP for Oil & Gas805affected
SAP_SESAP for Oil & Gas806affected
SAP_SESAP for Oil & Gas807affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References